Network attacks represent a major threat to the continuous operation of network devices. In a typical buffer overflow attack, for example, traffic is sent from an attacking device to a network device that is vulnerable because of software errors. A packet larger than the memory allocated to receive it overruns that allocation, corrupting the adjacent space on the network device; the overrun may extend into space allocated by the system itself. An intruder may attempt to have code executed when the packet overruns its allocated space. Some buffer overflows can lead to a compromise of the vulnerable network device.
Once a network device has been compromised, the intruder may begin running a network sniffer on it. The intruder may configure the network sniffer to look for user name/password combinations or other information of interest destined for network servers. Once this information has been obtained, the intruder's ability to attack the network servers is facilitated. Because these network sniffers operate in passive mode (i.e., they monitor traffic but do not alter it), they are often very difficult to detect.
Therefore, there exists a need for systems and methods that improve the ability to detect network sniffers.